You only (I assume given the outcome) cleared the cookies for your application domain; as part of the initial login through your tenant domain an authenticated session was established at that domain so the next time the application reloads the SDK performs a call to check if the user already has an authenticated session in the identity provider (Auth0 tenant) and if yes, proceeds to consider the user authenticated.
The above will work as long as the cookies that are associated with the authentication session in the tenant domain are not cleared nor expire.